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Qualys Cloud Platform 
Quick Tour 


The Qualys Cloud Platform is a platform of integrated solutions that provides businesses with 
asset discovery, network security, web application security, threat protection and compliance 
monitoring. It’s all in the cloud - simply log into your account from any web browser to get 


everything you need to secure all of your IT assets. 


Let’s take a look at the Qualys user interface and how to get around. 


Choose One of our Solutions 


Our integrated suite of solutions is presented to you in a single view. 
Simply choose the solution you’re interested in from the application 
picker and get started right away! You’ll see only the applications that 
are enabled for your subscription and available to you. 


(@) Qualys. Cloud Platform Start Here 


eA 


t=- 


Dashboard Vulnerabilities Prioritization Scans Reports 


(9) GLUE Scans Maps Schedules Appliances Op 


v | New w | — | Filters w 


Title 


Copyright 2011-2020 by Qualys, Inc. All Rights Reserved. 


VMDR DASHBOARD. VULNERAI 
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ct, prioritize and remediate vulnerabilities, and 
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Continuous Monitoring 
(OWE Set up monitoring and alerting of new security risks 


Container Security 
Dis ack, and continuously protect Containers 
and Images 


Secure Enterprise Mobility 
SAME visibility, security, continuous monitoring for Mobile 
Devices and Data for enterprises 


Threat Protection 
LLE Add threat intelligence feed to your existing AssetView 


CloudView 
C Monitor changes on cloud platforms 
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Industrial Control System BETA 
UOTE Get real time visibility of critical industrial assets and 
manage their vulnerabilities. 


ASSET MANAGEMENT (3) 


CyberSecurity Asset Management 
STOMA identify security gaps and manage asset health across 
your hybrid IT environment 


Global AssetView 


CWA Maintain full, instant visibility of all your global IT 
assets (Formerly Global IT Asset inventory) 
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AssetView (Legacy) 
A\ Asset Management, Tagging, and Search 


IT OPERATIONS (2) 


Patch Management 
Deploy patches to your systems 


Secure Access Control 


GROE Network containment for your vulnerable, affected and 
non-compliant assets 
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SECURITY OPERATIONS (1) 


Endpoint Detection and Response 
Malware Detection, Threat Hunting, Incident 
ponse 


Investigation and Res} 
COMPLIANCE (5) 


Out-of-Band Configuration Assessment 
(TONE extend security and compliance to inaccessible assets 


Web Malware Detection 
Scan and Monitor Your Sites for Malware Infections 


SECURE Seal 


PLEASE NOTE! Secure Seal will be retired on 
December 31, 2020. 


API Security BETA 
Assess the security posture of your APIs throughout 
the SDLC 
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SENSOR MANAGEMENT (2) 


Cloud Agent 


Stay updated with network security by deploying 
agents on your hosts 


Network Passive Sensor 
Gain continuous, real-time visibility of all assets 
connected to your network 
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Administration 
Manage Application Users and Permissions 


Unified Dashboard 
Build multiple widgets from your Qualys apps in a 
single dashboard 
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Go to a Section 


You'll see a set of menu options across the top of the screen representing the main areas of 
functionality. Each section provides workflows specific to the application you're in. For example, 
go to the Scans section to launch and manage scans; go to the Reports section to run and 
manage reports. 


VMDR y 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets KnowledgeBase Users 


Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


Targets 
L @; Small Scan 10.10.10.11 
(m) @ 10.10.10.2-10.10.10.100 10.10.10.2-10.10.10.100 


Each section includes at-a-glance all of the tools and setup options you need for success. In the 
Scans section you have access to your scan schedules, scanner appliances, option profiles, 
authentication records and scan setup options. This means you don’t have to leave the Scans 
section to set up your scan configurations or set global options related to scans. 


Take Action 


Start New Workflows 


The New menu above each list is your starting point for new workflows and configurations. Use 
the New menu to start scans, run reports, create new option profiles, and so on. 


Maps Schedules Appliances Option Profiles Authentication 


PCI Option Profile... 
Import from Library... 


Download... 
Standard #ffie Option 


Standard Lite Scan 


Standard Windows Share Enumeration - VM 


Standard test 
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Take Quick Actions on a Single Item 


You can take action on a single item in a list using the Quick Actions menu. For example, view or 
download the Scan Results report for a finished scan. When you hover over a data list row, the 
row is highlighted and a drop-down arrow appears. Click the arrow to see the Quick Actions 
menu with available actions for the selected item. 
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Quick Actions 


Relaunch 
Pause/Resume 
Cancel 


@ Windows Hosts 


@ 10.10.25.69 


Take Bulk Actions on Multiple Items 


You can take bulk actions on multiple items in a list using the Actions menu. For example, pause 
or cancel multiple running scans in a single action. Select the check box for each item in the list 
your action applies to, then select an action from the Actions menu. 


Maps Schedules Appliances Option Profiles Authentication 


10.10.10.6, 10.10.10.8, 


Quick Tour 3 


Use Filters 


Use filters to change your list view. For example, if you’re on the scans list and you’re only 
interested in finished scans, then you would select Finished Scans from the Filters menu. The 
list is instantly updated and a message appears next to the Filters menu as a visual reminder 
that filters are turned on. Clear the filter to return to the full list. 


Maps Schedules Appliances Option Profiles Authentication 


—_— 
| Fitters v |< Finished Scans | 


l Processing Tasks | 
| —]| es 
a My Scans 
@ Windows Hosts 10.10.10.6, 
Vulnerability Scans 
10.10.10.10 


EC2 Scans 


@ 10.10.25.69 10.10.25.69 


Queued Scans 
Running Scans 
[ © SSL Grade Paused Scans 10.10.24.72 
Canceled Scans 10.10.36.15 


@ Daily Windows Scan Saa 10.10.25.69 
Eo 10.10.26.10 


E Daily Windows Scan 10.10.25.69 
© 


Customize Your View 


You can hide columns, change the sorting criteria and specify the number of rows to appear in 
each list. To do so, use the Tools menu above the list, on the right side. 


Search Lists Setup 


| | 1-80 of 80 


Targets 


Option Profile Sort By 
User Rows Shown 
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Option Profile User Date f 


D.6, 10.10.10.8, Initial Options - Auth Patrick Slimmer 06/02/201 


).10-10.10.10.... Enabled Reference 


Date nished 
Status 


Initial Options - Auth Patrick Slimmer 06/02/201 
Enabled 


SSS E888 


Launched 


4.72, 10.10.24 84, Initial Options - Auth Patrick Slimmer 05/26/201 
5.159, 10.20... Enabled 


nished 


».69-10.10.25.70, Initial Options - Auth Patrick Slimmer 04/03/2016 Finished E] 
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Review Setup Options 


Review setup options in the context of your current view. When you're in the Scans section go to 
the Setup tab to see global options related to scans and scan results. When you're in the Users 
section go to the Setup tab to see options related to users, and so on. The setup options available 
to you depend on your service level and subscription settings. The ability to edit setup options is 
determined by your role and permissions. 


‘= Scans | Scans Maps Schedules Appliances Option Profiles Authentication Search Lists ic i 


Storage Excluded Hosts Dissolvable Agent PCI Account Links 


Define how long you want to keep scan results in your Configure a list of hosts which will not be scanned by Accept Agent installation in order to conduct scans Add links to PCI accounts you want to share PCI 
account the service. with certain capabilities on Windows devices. scans with. 


Scheduled Scans Agentless Tracking Scanner Trusted CA DNS Tracking 


Define scheduling options. Accept Agentiess Tracking in order to report on hosts Manage a custom chain of trusted certificate Enable DNS Tracking for hosts when the DNS 
by host ID. authorities. hostname is detected 


Manage Assets 


Your account will include all of the assets that you’re scanning or monitoring for security. For 
example, in Vulnerability Management (VM), go to the Assets section (shown below) to see host 
assets (IP addresses), domains and virtual hosts in your account. In Web Application Scanning 
(WAS), you go to the Web Applications section to see the web applications you can scan for 
vulnerabilities and malware. 
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Dashboard Vulnerabilities Prioritization Scans Reports Remediation CAssets knowledgebase Users 


Asset Groups Host Assets Asset Search Virtual Hosts Domains Applications Ports/Serv 


[ New v | { Search | | Filters v 


a IPs 


10.10.10.2-10. 10.10.100 


10.10.10.11-10.10.10.52 
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Manage Users 


The Users section is where you manage users, business units and distribution groups. Any user 
with management authority can add users with unique roles and privileges. 


VMDR v 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets krowedgoBaso( usere 


Business Units Distribution Groups Activity Log Setup 


| New v | | Search | | Filters w 


iJ Name a Role Business Unit 
L Hana Singh Scanner Europe 
James Kodiak * Unit Manager Europe 


Patrick Slimmer * Manager Unassigned 


Make Changes to Your Account 


To change your password, home page, contact information, or email notifications, select from 
the options that appear below your user name in the top, right corner. 


Change Password... 

Account Activity 

User Profile 
Search Lists Setup Account Settings 


Home Page... 


Option Profile User 
6, 10.10.10.8, Initial Options - Auth Patrick Slimmer 06/02/2016 Finished i} = 
0-10.10.10.... Enabled | 


Initial Options - Auth Patrick Slimmer 06/02/2016 Finished o| 
Enabled 
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Get Up to Date Views on your IT Assets 


Each solution includes an interactive dashboard with a high-level summary of your security and 
compliance posture based on the latest data available in your account. 


VMDR Dashboard 


Use the Qualys provided VMDR dashboard to view your vulnerability posture. Create multiple 
dashboards and switch between them. Each dashboard has a collection of widgets showing asset 
data of interest. 


VMDR DASHBOARD VULNERABILITIES PRIORITIZATION SCANS REPORTS REMEDIATION ASSETS KNOWLEDGEBASE USERS = e Mi 
ao 


New Vulnerability Management v 
> © 


FIXED VULNERABILITIES 


1.73K 6 


6 (28783%) 
Y 28783.33% 


DISABLED / IGNORED VULNS VULNERABILITIES BY SEVERITY VULNERABILITIES BY TYPE 


Potential 


\ 


a 


788 
0 nad 
351 
E 126 Confirmed 
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Classic VM Dashboard 


For accounts that have not been upgraded to VMDR, you'll see the Classic VM dashboard. Find 
out where your IT systems are vulnerable to the latest threats & how to protect them. 


Vulnerability Management v Help w Patrick Slimmer (quays_tt1) w | Logout 
Dashboard Scans Reports Remediation Assets KnowledgeBase Users 
Top 10 vulnerabilities 
Dashboard ceria New Active Reopened a r ; —_ 
Status within your permissions 8.619 13,050 94 Apache HTTP Server Multiple Cross-Sit... m.n | -+ 
Last Updated: 28 June 2016 , ? Schedule Scan A [a 
SSL Server Allows Anonymous Authentic... BENE 
z F B = 
Vulnerabilities by severity SSH Protocol Version 1 Supported [jd 
be E 
OpenSSH Signal Handling Vulnerability —_—_ 
z 
5,000 OpenSSL Multiple Remote Security Vuln... fi 
v [Fs] 
$ SSLITLS Server Factoring RSA Export K... TEAN 
E e < 
- 
2 2,500 I Most vulnerable hosts View All Refresh 
E] 
= 10.10.10.11 z 
2KBR2-U-10-11 
10.10.10.86 
o Ez 2012R2DTR-10-86 
Level 5 Level 4 Level 3 Level 2 Level 1 410.10.33.226 7 
2K3-33-226 
10.10.25.69 
= 
Title Date Status Title Next Launch 10.10.30.11 pa 
: 2KBCSP2-30-11 Se 
Daily Windows Scan - 20160628 06/27/2016 Finished Daily Windows Scan 06/28/2016 at 16:00:00 (GMT-0700) 
My Scan 06/09/2016 Finished Daily Unix Scan 06/28/2016 at 16:30:00 (GMT-0700) Latest reports View all 
Windows Hosts 06/02/2016 Finished My Monthly Scan 07/03/2016 at 03:00:00 (GMT-0700) 15 Tickets por Usor. A 
10.10.25.69 06/02/2016 Finished "EL 28 Jun 2016, 15:17:28 
10.10.25.69 06/02/2016 Finished fa] High Severity Report 
28 Jun 2016, 15:13:20 
ta] Auth Report - Windows Hosts = 
28 Jun 2016, 15:12:09 
| Patch Report Assigned CVSS Score-HighSeverity-Q... 
28 Jun 2016, 10:20:37 
a] Patch Report Assigned CVSS Score-HighSeverity-a... || 
28 Jun 2016, 10:19:19 - 


AssetView (AV) 


AV gives you a centralized location where you can view and query all of your asset data 
instantly. It brings security and compliance information together in one place, and lets you 
visualize your asset data in many ways. 


AssetView {v Help v | Patrick Slimmer (quays_tt1) w Logout 


Dashboard Assets Connectors 


Asset Overview ~” 


Actions v Add Widget Filter by Asset Tags 


ılı] ASSET DISTRIBUTION BY OPERATING SYSTEM 
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MacOS Linux Linux HP-UX Red Hat Windows Windows Windows Windows 
x 24-261 22-26 11. Enterprise 2000. XP 2003 R2 NT4 
Č) SOFTWARE DISTRIBUTION ==: MANUFACTURERS 
Name System Model Count 
E Ma Unkni Unkni 282 
Inknown Inknown 
BF er 7 
Be» @ Winzip 7 VMware, Inc. VMware Virtual Platform 2 
B vic I C+ Redistr 6 
y B presen rsonar231€ 
A B- 
® e2fsprogs 6 
ny 
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Cloud Agent (CA) 


Get continuous security updates through the cloud by installing agents on your hosts. 


Cloud Agent {v Help w | Patrick Slimmer (quays_tt1) w | Logout 
Agent Management 
Agent Managem Agents Activation Keys Configuration Profiles 
h 
Agent Overview: Versions Configuration Hide graph 
Total Agents © 5 Top 4 Operating Systems 
@ Ubuntu Linux 12.04 1 
VM Agents 4/20 S 10 Enterp 1 
= oo 
a rofess 1 
PC Agents 3/20 a 4 
n 
v | Install New Agent | Sagents tv 
o Agent Host Version Status/Last Checked-in ~ Configuration Agent Modules Tags 
qubu1204sqp3 1.5.0.20 Inventory Scan Complete My Custom Profile as Cloud Agent | Í tag-P 
afew seconds ago 
oO Linux-PC 150.20 Inventory Scan Complete My Custom Profile Cloud Agent 
less than a minute ago 
o QUALYS-PC 145.77 Inventory Scan Complete Initial Profile Cloud Agent 
22 minutes ago 
Oo WIN10ENT64-COMQ 145.77 Inventory Scan Complete Initial Profile Cloud Agent Windows 7 tagP 
35 minutes ago 
O A but.qualys.com 1.4.0.4 Inventory Scan Complete Initial Profile (Pc | Cloud Agent 
Apr 13, 2016 2:05:07 AM 


Continuous Monitoring (CM) 


Immediately receive alerts when new security risks are detected by your vulnerability scans. 
Changes to hosts will be monitored and alerts will be generated every time a change occurs. 


Continuous Monitoring {v Help w | Patrick Slimmer (quays_tt1) w Logout 


Alerts Configuration 


Profile: (All Monitoring Profiles) ~  Ruleset (multiple profiles selected) © «i Start Date: 06/01/2016 [3 End Date: 06/29/2016 l] 
Category: Host16 Pot183 Vulnerability 350 Hide graph 
750 
500 
50 
0 
6. Jun 13. Jun 20. Jun 27. Jun 4. Jul 11. Jul 18, Jul 


549alerts Hv 


Alert Message Host Impacted Time x 


New Vulnerability Found 38623 BE 10.10.10.34 06 Jun 2016 4:54AM GMT-0700 
OpenSSH Xauth Command Injection Vulnerability was found on host aix-53-10-34.qualys.com 


New Vulnerability Found 42428 BE pci 10.10.10.34 06 Jun 2016 4:54AM GMT-0700 
OpenSSH "child_set_env()" Security Bypass Issue was found on host aix-53-10-34.qualys.com 


New Vulnerability Found 42413 BE 10.10.10.34 06 Jun 2016 4:54AM GMT-0700 
OpenSSH LoginGraceTime Denial of Service Vulnerability was found on host aix-53-10-34.qualys.com 


New Host Found 10.10.10.34 
Host aix-53-10-34.qualys.com with the OS FreeBSD 2.2.1-4.x / AIX 5.1-5.2 was found by the scan demoscan 


06 Jun 20 


BEO OOO 


New Open Port : 5060/udp (sip_udp) 10.10.10.65 


Port found on host krb5.qualys.com 


06 Jun 2016 


Quick Tour 9 


Threat Protection (TP) 


Automatically prioritize the vulnerabilities that post the greatest risk to your organization. 
Threat Protection correlates active threats against your vulnerabilities. 


ThreatPROTECT v 


Dashboard Feed Assets 


ThreatPROTECT ~ 


Actions v Add Widget 
[C] LATEST THREATS FROM LIVE FEED 
Title 


Adobe Flash new 0-day 


ASSETS WITH VULNERABILITIES 
ACTIVELY EXPLOITED IN THE WILD 


84 


vs All Assets 
318 (26.41%) 


ASSETS WITH UNPATCHABLE 
VULNERABILITIES 


92 


Configuration 


New OS X Ransomware Keranger Client Inst... 


Lastest Adobe 0-day now in Angler ExploitKit 


Adobe Flash Player under new 0-day attack 


Impacted... Severity Published 
0 5/9/2016 
0 3/2/2016 
0 3/25/2016 
0 cag (442016 


ASSETS WITH EASILY 
EXPLOITABLE VULNERABILITIES 


92 


vs All Assets 
318 (28.93%) 


ASSETS WITH PATCHABLE 
VULNERABILITIES AGED 30 DAYS 


0 


vs All Assets 
318 (0.00%) 


ASSETS WITH ANGLER 
EXPLOITABLE VULNERABILITY 


0 


ASSETS WITH PUBLIC EXPLOIT 
AVAILABLE 


92 


vs All Assets 
318 (28.93%) 


ASSETS VULNERABLE TO ACTIVE 


88 


Mi Help w Patrick Slimmer (quays_tt1) w Logout 


Filter by Asset Tags 


ASSETS WITH ACTIVE 0 DAY 


0 


ASSETS WITH POTENTIALLY HIGH 
DATA LOSS VULNERABILITIES 


88 


vs All Assets 
318 (27.67%) 


ASSETS WITH HIGH LATERAL 
MOVEMENT VULNERABILITIES 


88 


Certificate View (CERT) 


Discover, assess and manage SSL/TLS certificates across your enterprise and cloud assets. 


Certificate View * 


>» 


DASHBOARD 


CERTIFICATES 


ASSETS REPORTS 


CONFIGURATION 


TOTAL CERTIFICATES 


VULNERABILITIES BY SEVERITY 


TOP 5 CERTIFICATES BY COMMON NAME 


JERTIFICATE NAME 


qw2k8r2pv4-65-213 


qw2k8r2uv4-65-214 
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Container Security (CS) 


Qualys Container Security supports discovery, inventory and tracking of container environment 
with vulnerability analysis for images and containers. 


Container Security TRIAL DASHBOARD ASSETS EVENTS CONFIGURATIONS 


Container Security Ov 


Last 30 Days Y 


TOTAL IMAGES TOTAL CONTAINERS ROGUE CONTAINERS 


m 


168 227 


CONTAINER DISTRIBUTION BY STATE IMAGE DISTRIBUTION BY VULNERABILITY SEVERITY 


' W 


62 
- E- 
s : > = 


— 
STOPPED CREATED DELETED RUNNING 


Policy Compliance (PC) 


Get automated security configuration assessments on IT systems throughout your network. 
Reduce risk & continuously comply with internal policies and external regulations. 


Policy Compliance { Help w Patrick Slimmer (quays_tt1) v | Logout 


Dashboard Policies Scans Reports Exceptions Assets Users 


Your last scans i 
Dashboard Evaluated policies Evaluated hosts Evaluated controls View all 
Last Updated: Tuesday, 28 Jun 2016 10.10.36.126 - 20160601 
5 13 1352 01 Jun 2016, 16:18:40 
10.10.36.126 
Top Failing Policies 01 Jun 2016, 15:51:09 
Windows Hosts 
by Technology by Criticality 01 Jun 2016, 15:34:04 
10.10.10.22 
“ 01 Jun 2016, 14:51:00 
10.10.24.35 and 10.10.25.10 
01 Jun 2016, 14:49:55 
x 0 i 
Your upcoming scans View all 
Unix Systems 
i 28 Jun 2016, 17:00:00 
= = roty 
o = — —_— 03 Jul 2016, 15:00:00 
Windows 2003 Server Windows 2000 Windows XP desktop Windows Vista Windows 10 Red Hat Enterprise Linux 
3/4 
Top 5 passing policies Top 5 failing policies 
Title % Passing + Title % Failing ~ 
Red Hat Linux [| ss e] My Windows Policy 
My Windows Policy [ os e] Windows Compliance Latest reports View all 
Win7.2.0 [Enterprise Desktop Level] - Unlocked v.3.0 [ asn | | Win7.2.0 [Enterprise Desktop Level] - Unlocked v.3.0 [ ns | S) PC Scorecard 
6, 15:25:48 
Windows Compliance ka Red Hat Linux 
ion Report - All Hosts 
2016, 15:24:40 
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Security Assessment Questionnaire (SAQ) 


Collect and analyze the risk and compliance data you need, from your employees and third party 


vendors, through automated campaigns. 


Security Assessment Questionnaire v 


Dashboard Campaigns Reports Templates Users 


Dashboard 


Last login: Tue 28 Jun 2016 9 


Active Questionnaires 


29 


Active Campaigns 


29 


idle Questionnaires 


A Help v | Patrick Simmer (quays_tt1) v | Logout 


Completed Questionnaires 


2 


MY ACTIVE CAMPAIGNS 


Title Progress Due Date 


Promnetwork campaign 
Due Date: Jun 28, 2016 


28 Jun 2016 


3 questionnaires 16 hours ago 


My Gartner campaign 1 
Due Date: Jul 12, 2016 


12 Jul2016 


3 questionnaires a few seconds ago 


my camp 
Due Date: Jun 21, 2016 


21 Jun 2016 


2 questionnaires June 21, 2016 


Prev_demo 
Due Date: Jun 22, 2016 


22 Jun 2016 


3 questionnaires 6 days ago 


LATEST USER ACTIVITY 


View All _g, CAMPAIGN DISTRIBUTION 


User Questionnaire Title Progress 8 


Hariom singh Promnetwork campaign - tim 0% 


quays_«15 Due Date: 28 Jun 2016 0/132 answered 


Hariom singh Promnetwork campaign - jenn 


quays_ix15 Due Date: 28 Jun 2016 0/132 answered 


Hariom singh — Promnetwork campaign - davi 0% 


quays_&15 Due Date: 28 Jun 2016 01132 answered 


Jenny Mann My Gartner campaign - jenny... ill 23% 


jenny.mann@a... Due Date: 12 Jul 2016 4117 answered 


CloudView (CV) 


View All 


Č) CAMPAIGNS STATUS 


Last Update 


20 Jun 2016 
June 20, 2016 


15 Jun 2016 
June 15, 2016 


Â @ Active 9 
@ complete 2 


14 Jun 2016 Inactive 1 


June 14, 2016 


13 Jun 2016 
June 13, 2016 


TEMPLATES IN DRAFT (ACTIVITY) 


View All 


Title Last Update 


Promnetwork demo 20 Jun 2016 


Author: Hariom singh June 20, 2016 
My template 15 Jun 2016 
Author: Hariom singh June 15, 2016 
my temp 14 Jun 2016 
Author: Hariom singh June 14, 2016 
demo 13 Jun 2016 


Author: Hariom singh June 13, 2016 


Discover and inventory your cloud assets. Monitor users, instances, networks, storage, databases 


and their relationships. 


RESOURCES 


CloudView DASHBOARD 


MONITOR 


POLICIES CONFIGURATION 


Last 30 Days Y 


RESOURCE DISTRIBUTION BY TYPE 


PC Subnet EBS IAM Network 
Volume User ACL | 


re ance S3 vI 


Intemet Route Security Instance 


Gatewav Table Groun Bucket 


TOP 5 ACCOUNTS BY FAILED CONTROLS 


383031258652 4] 


698841842372 39 
687469287392 21 


J» 


FAILURES BY CONTROL CRITICALITY 


1414 


@ HIGH 681 |] 
@ MEDIUM 701 
m Low 32 


TOP 5 FAILED CONTROLS 


Ensure database Instance snapshot is encrypted 385 FS 

Criticaity EIU : La 
Ensure IAM policies are attached only to groups or roles 142 

Criticalty LE 

a T J> 
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Web Application Scanning (WAS) 


Identify vulnerabilities and security risks on your web applications, including cross-site scripting 
(XSS) and SQL injection. 


Web Application Scanning v M Help w | Patrick Slimmer (quays_tt1) w ` Logout 


Dashboard Web Applications Scans Burp Reports Configuration KnowledgeBase 


Dashboard 


Tue 28 Jun 2016 All Vulnerabilities Severity Severity OW Severity Malware Jew Scar 
313 total scanned web apps 20.0K 2.60K 2.23K 15.2K 88 detections P 


94 with Malware Montoring 


ZZi MOST VULNERABLE WEB APPLICATIONS Cy catacoc View All 


Web Application Name Last Scan Date Total Vulnerabilities Hiç it Total 
Demo Web Application 20 Apr 2016 107 7 N 189 


155 New 
My Web Application 29 Mar 2016 108 27 Rogue 
http index.php 1 Approved 
0 ignored 
site10 29 Mar 2016 6 In Subscription 


Catalog Web Application 29 Mar 2016 
http 


Carla Web Application 29 Mar 2016 


==: YOUR LAST SCANS ==: YOUR UPCOMING SCANS ==! LATEST REPORTS View All 


Scan Name Task Name | WebApp - Custom template with tags (html) 
2| 28 Jun 2016 
Demo Web App - VM G| Dai 30 Jun 2016 
Demo Web App - VM i Anp: E] iy a| Catalog - Custom template with tags (html) 
emo Web Applicat | 28 Jun 2016 


= Monthly Discovery Scan EA Monthiy | Scorecard - Custom template with tags (htm) 
Web Application Vulnerability Scan - ... ae 28 Jun 2016 
atates | May 20 (Email - HTML ZIP) 
Weekly WAS Vulnerability Scan i Weeky —04 Jul 2016 | 28 Jun 2016 
Web Application Vulnerability Scan - ... b Applica 
Dac Test Schedule by Tag 
28 Jun 2016 


| Scorecard XML Error 
28 Jun 2016 


Web Application Firewall (WAF) 


WAF is our next-generation cloud service that brings an unparalleled combination of scalability 
and simplicity to web app security. 


Web Application Firewall v M Help w Patrick Slimmer (quays_tt1) w Logout 


Dashboard Events Assets Configuration 


Dashboard - All Web Applications pE Wan Ropmations Dia [ist 24hows f 
Viewing Total Alerts Severity EEJ severity OM Severity 
Mon 27 Jun 2016 - Tue 28 Jun 2016 119,249 95,399 0 23,850 
Activity Timeline 

5:00 6:00 7:00 8:00 9:00 10:00 11:00 12:00 1:00 2.00 3:00 4:00 5:0 6:0 7:0 8:00 9:00 10:0 11:00 2:00 00 2:00 x00 4:00 

PM AM Ph 
Web Application Statistics 

Hits Blocked Events Client Bandwidth 

E 419,249 (MDA 95,399 359.6 MB 
Event Summary Top Events Traffic Origins 
7.5K 


| | 
2.5K | 
I HUPRURRUUTU TORO ROD 


es eee os 
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Malware Detection (MD) 


MD lets you quickly identify and eradicate malware that could infect your website visitors and 
lead to loss of data and revenue. 


PCI Compliance (PCI) 


Malware Detection v 

Dashboard Scans Reports Assets KnowledgeBase 

Dashboard 

Last login: Tue 28 Jun 2016 

0 scans since last login 

ali] DETECTION TREND 

Daterange 7 days 

215 

5 

22 Wm a 

$o 

2 6 

$ 3 

3 

š o o o 9 O O 9 O O O O QO @ 
CPF OK CE EELE 

Per Day (GMT timezone) 

==: YOUR LAST SCANS 

oe Scan Date Status 

Create Schedule - WEEKLY - API Scheduled Scan was Ba 

ne 19Jun2016 Finished 

WebApp - MM MONTHLY Scheduled Scan Sir cso: Windia 

eed 18Jun 2016 Finished 


Total Sites Sites with Detections Total Detections 
150 | 8 105 
==! SITES WITH DETECTIONS 
Webapp1 
http: m 
New WA (MDS Linked-Oct 18) 
= amm 608 ae owe 
123testing 
hip: ==. ae ae ~~ —— 
MDS 


Help w Patrick Simmer (quays_tt1) w | Logout 


hip. ==» -ee aeeoe Ss -oe 


MDS Webapp 
hhn 


View sll ==! YOUR UPCOMING SCANS 
Severity Scan name 
2 Scheduled Scan 
HIGH WA Scheduled Scan 
Create WebApp 
MDS-WAS Domain 


aas. 13 detections 


View all 
4 detections 
3 detections 


32 detections 


16 detections 
View all 
Starts Occurs 
30Jun2016 Daily 
013ui2016 Daily 
04Jul2016 Daily 
24Jul2016 Daily 


Achieve and validate compliance with the PCI Data Security Standard (PCI DSS). Use our solution 
for PCI compliance testing, reporting and submission. Qualys is an Approved Scanning Vendor 


(ASV). 


Payment Card Industry Compliance 


Jason Kim 


rts Shop, Inc.] | Help | Log Out 


@ Home Compliance Status 
= Network X 
: Overall Status Hosts Vulnerabilities Potential Vulnerabilities Actions 
@ Compliance a 
EE Sera In Account: 2 ‘BHIGH | 0 E HIGH | 0 —— 
Submilied Reports Not Live: 0 E MED 0 E MED 0 
a Web Applications ~ o Compliant: 2 S a pe : 
|e? Questionnaires - © Not Compliant: 0 — — 
& Account . © Not Current: tiw 0 


@ Contact Support 
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